
After doing some research on how to fix wormblaster and the trojan backdoors being recognized by AVG, I found a way to uninstall AVG and use ComboFix to rid my computer of Internet Security (the fake protection tool). Now the internet will now work on my computer. But at the same time, I was also having problems with Google auto-redirecting my searches or clicks, and popups coming up with different offers (this would happen very often). What I was told on here to do was run DDS and GMER, which is why I have created this new topic. Please help! (Remember, the internet on my computer isn't working after running ComboFix.)

You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

==============================

Please post the resulting log of Combofix when you run it, it is located at C:\Combofix.txt.

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them when you reply.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators)

These programmes allow users to share files, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

=============================================

Please reopen OTL on your desktop.

Copy and Paste the following code into the Custom Scan/Fixes text box.

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open a Notepad window.

Please copy (Edit->Select All, Edit->Copy) the contents of that file, and post them when you reply.

~Semp


First OTL Copy/Paste

It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE

Close any open windows, including this one.

Double click on ComboFix.exe & follow the prompts.

ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

* It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
* The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
* This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.

When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.

ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.

ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.

~Semp


6. When finished, it shall produce a log for you which I will require in your next reply.

~Semp


C:\Documents and Settings\Marc\Desktop\Log.exe I'm honestly not sure, I think it is one of the original ComboFix logs, but when I double-click it, this comes up (Couldn't load module 0x000021df.) so I am assuming it isn't that important. :/

The program may (or it may not) ask you for your Windows XP installation CD, please insert it at the prompt.

If it doesn't ask you for the CD this means that it wasn't necessary to replace any files.

~Semp


Do you have access to another Windows XP PC so that we can grab a copy of those missing files?

~Semp


That's great! Now please copy the following files and save them in C:\ drive of the infected PC. Run the OTL scan afterward.

c:\windows\system32\drivers\tcpip.sys

c:\windows\system32\drivers\ipsec.sys

c:\windows\System32\spoolsv.exe

c:\windows\System32\wscntfy.exe

Run OTL.

Click the None button at the top (Between "Run fix" and "Clean up" button).

Copy and Paste the following code into the Custom Scan box.

/md5start
tcpip.sys
ipsec.sys
spoolsv.exe
wscntfy.exe
/md5stop

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open a Notepad window.

Please copy (Edit->Select All, Edit->Copy) the contents of that file, and post them when you reply.

Edited by sempai, 02 March 2012 - 11:27 PM.

~Semp

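An added example, not part of the original thread and not OTL's own code: in the spirit of the /md5start scan in the post above, this script finds every copy of the four named files under a root directory, hashes each with MD5, and reports any file name whose copies do not all match. The function names and the sample directory tree are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

TARGETS = ("tcpip.sys", "ipsec.sys", "spoolsv.exe", "wscntfy.exe")  # names from the thread


def md5_of(path, chunk_size=65536):
    """Hex MD5 of a file, read in chunks; None if the file cannot be read."""
    digest = hashlib.md5()
    try:
        with open(path, "rb") as handle:
            for chunk in iter(lambda: handle.read(chunk_size), b""):
                digest.update(chunk)
    except OSError:  # locked or access-denied files are reported, not fatal
        return None
    return digest.hexdigest()


def find_copies(root, names=TARGETS):
    """Map each target name to a list of (path, md5) for every copy under root."""
    wanted = {name.lower() for name in names}
    found = defaultdict(list)
    for folder, _dirs, files in os.walk(root):
        for entry in files:
            if entry.lower() in wanted:  # Windows names are case-insensitive
                path = os.path.join(folder, entry)
                found[entry.lower()].append((path, md5_of(path)))
    return dict(found)


def review(found, names=TARGETS):
    """Verdict per name: missing, unreadable, single, consistent or mismatch."""
    verdicts = {}
    for name in names:
        hashes = [digest for _path, digest in found.get(name.lower(), [])]
        if not hashes:
            verdicts[name] = "missing"
        elif None in hashes:
            verdicts[name] = "unreadable"
        elif len(hashes) == 1:
            verdicts[name] = "single"
        elif len(set(hashes)) == 1:
            verdicts[name] = "consistent"
        else:
            verdicts[name] = "mismatch"
    return verdicts


def demo():
    layout = {  # constructed sample tree: made-up bytes, not real system files
        "tcpip.sys": b"tcpip bytes from the other PC",
        "WINDOWS/system32/drivers/tcpip.sys": b"tcpip bytes altered on disk",
        "ipsec.sys": b"ipsec bytes",
        "WINDOWS/system32/drivers/ipsec.sys": b"ipsec bytes",
        "WINDOWS/system32/SPOOLSV.EXE": b"spooler bytes",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as handle:
                handle.write(data)
        return review(find_copies(root))


if __name__ == "__main__":
    print(demo())
```

A "mismatch" only says the copies differ, which a different service pack level on the donor PC will also cause; it does not say which copy is the good one.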